Posts

You’ve likely heard the phrase “Internet of Things” or IoT and at some point, but you might asking yourself what it is and what it means.

The IoT refers to the connection of devices (other than computers and smartphones) to the Internet. Cars, home appliances, and wearables can all be connected to the Internet.

Wearable electronics that we wear have the potential to transform the way we live. Devices from Fitbit and its peer companies allow people to track their health and exercise progress in previously impossible ways.As devices become more connected thanks to the IoT, security and privacy have become the primary concern among people.

Cyber-attacks are also a growing threat as more connected devices pop up. Hackers could penetrate connected cars, critical infrastructure, and even people’s homes.

So how can you protect yourself in this brave new world of the Internet of Things?

Use a unique and complex password for all of your devices so that if one is hacked, all of your devices are not jeopardized.

Read the fine print and find out what information is gathered and stored by your devices as well as how that information is used by the manufacturer.

Your smartphone is the entrance to your car’s connectivity. Keep your smartphone protected with a strong and unique password as well as anti-virus and anti-malware security software.

Change the default usernames and passwords on all of your home network devices.

Use and update anti-virus and anti-malware software on your home computer network.

As scary as the Internet of Things may appear, with better efforts to provide security and privacy by companies making these devices and by all of us taking better precautions, the Internet of Things can be made much safer.

These days it hard for many to imagine or remember what life was like when we didn’t rely upon the Internet so much. The Internet has completely changed how we communicate and interact with society for better or worst. It also has leaded to our personal, financial, and business information to be more vulnerable to malicious threats. We are under constant and increasing attacks every day from these threats. We hear about how to protect ourselves from these threats. But what do you do when not if you became a victim of identity theft.

If you find you are the victim of online fraud or identity theft, the first thing you should do is close all affected accounts immediately. Closing or freezing your accounts can save you a lot of time and stress later when it comes to disputing fraudulent purchases made by a cybercriminal. Monitor your credit and bank statements each month for any unauthorized transactions.

You should set up fraud alert with all three consumer reporting agencies not just one. This is will tell creditors to contact you about any changes or new accounts to be opened in your name. Also you need to contact your banking institution to setup any fraud prevention services they may have. Many banks these days allow their customers to setup spending alerts to notify you of any transactions on your accounts.

Next you need to keep an eye on your credit report from each of the reporting agencies as they have different information. A good way of doing this is to use Mint or Credit Karma because they are free service that will help you keep track of changes with your credit.

For more information about the steps to take and for credit reports, contact:

“Cyber criminals have stolen 143 million credit records in the recent hacking scandal at big-three credit bureau Equifax. At this point you have to assume that the bad guys have highly personal information that they can use to trick you.

You need to watch out for the following things:

Phishing emails that claim to be from Equifax where you can check if your data was compromised

Phishing emails that claim there is a problem with a credit card, your credit record, or other personal financial information

Calls from scammers that claim they are from your bank or credit union

Fraudulent charges on any credit card because your identity was stolen

Here are 5 things you can do to prevent identity theft:

First sign up for credit monitoring (there are many companies providing that service including Equifax but we cannot recommend that)

Next freeze your credit files at the three major credit bureaus Equifax, Experian and TransUnion. Remember that generally it is not possible to sign up for credit monitoring services after a freeze is in place. Advice for how to file a freeze is available here on a state-by-state basis: http://consumersunion.org/research/security-freeze/

If you believe you may have been the victim of identity theft, here is a site where you can learn more about how to protect yourself: www.idtheftcenter.org. You can also call the center’s toll-free number (888-400-5530) for advice on how to resolve identify-theft issues. All of the center’s services are free

Stop, Think, Connect.org is a group that encourages all Internet users to be more vigilant about practicing safe online habits. Internet safety is a shared responsibility at home and in the workplace. The following link provides some basic tip to stay safe online.

Card skimming is one of the fastest growing fraud schemes. Thieves attach skimmers to ATMs, gas pumps, point-of-sales (POS) systems and other places people swipe their credit and debit cards. Once in place, this sneaky bit of electronics steals the magnetic strip information from your card. The thieves use this information to clone your card, and once they have a clone, they can drain your bank account, or run up huge bills and trash your credit before you even know it. That’s one reason credit card companies and stores are switching to EMV cards.

How can you detect and avoid having your credit card skimmed at the ATM or gas pump?

1. Inspect The Card Reader And The Area Near The PIN Pad

Many banks and merchants realize that skimming is on the rise and will often post a picture of what the real device is supposed to look like so you will see that there is something attached that is not supposed to be there if a skimmer is present.

Of course, a card skimmer could put a fake picture over the real picture so this isn’t a fail-safe way to spot a skimmer.

Most skimming devices are designed to be temporarily affixed to the ATM or gas pump so they can be easily retrieved by the bad guys once they’ve collected a batch of cardholder data.

If you think the scanning device doesn’t look like it matches the machine’s color and style, it might be a skimmer.

2. Look At Other Nearby Gas Pumps or ATM Card Readers to See if They Match The One You Are Using.

Unless skimmers are running a large operation, they probably are only skimming at one gas pump at a time at the station you are using. Look at the pump next to yours to see if the card reader and setup look different. If they do then you might have just spotted a skimmer.

3. Trust Your Instincts. If in Doubt, Use Another Pump or ATM Somewhere Else.

Our brains are excellent at recognizing things that seem out of place. If you get a sense that something looks off about the ATM you are about to use, you might be better off using one that you feel more comfortable with.

4. Avoid Using Your PIN Number at the Gas Pump.

When you pay at the pump with your debit/credit card, you usually have the option to use it as a credit or a debit card. It’s best to choose the credit option that allows you to avoid entering your PIN in sight of a Card Skimmer camera. Even if there is not a card skimmer camera in sight someone could be watching you enter your PIN and could subsequently mug you and take your card to the nearest ATM to withdraw some cash.

When you use it as a credit card you usually only have to enter your billing ZIP code as verification which is much safer than putting in your PIN.

5. Keep an Eye on Your Accounts

If you suspect that you might have had your card skimmed. Keep an eye on your account balance and report any suspicious activity immediately.

Everyone by now has seen or has a debit/credit card with a chip on it. These are called EMV cards which stands for Europay, MasterCard and Visa. EMV is a global standard for credit cards that uses computer chips to authenticate (and secure) chip-card transactions.

Here are 2 great videos that explain what EMV is and why we have it.

How does EMV address payments fraud?
First, the EMV chip card includes a secure microprocessor chip that can store information securely and perform cryptographic processing during a payment transaction. Chip cards carry security credentials that are encoded by the card issuer at personalization. These credentials, or keys, are stored securely in the EMV card’s chip and are impervious to access by unauthorized parties. These credentials therefore help to prevent card skimming and card cloning, one of the common ways magnetic stripe cards are compromised and used for fraudulent activity.

Second, in an EMV chip transaction, the card is authenticated as being genuine, the cardholder is verified, and the transaction includes dynamic data and is authorized online or offline, according to issuer-determined risk parameters. As described above, each of these transaction security features helps to prevent fraudulent transactions.

Third, even if fraudsters are able to steal account data from chip transactions, this data cannot be used to create a fraudulent transaction in an EMV chip or magnetic stripe environment, since every EMV transaction carries dynamic data.
(https://www.securetechalliance.org/publications-emv-faq/)

There are 7.34 billion people in the world and 2.3 billion of them are on social media. It is estimated that social media by 2018 will have 2.5 billion users.

So when you share items on social media you are sharing with a lot people. Things we share on social media are out the for everyone to see and they are out there forever. Here is a list of things you should consider when posting to social media.

1. Why this?

Ask yourself why you’re choosing to share before posting. What is the intention behind the post? It might be to share an important idea, or it could be to make an old boyfriend jealous. Taking a brief pause and really doing some self-inquiry before posting will slow down your process, which is a great practice for being more mindful and less impulsive.

2. Who will see this?

Taking a moment to reflect on who will see your post will help you to discern whether the post is appropriate or beneficial to your social standing. You may have to consider whether your accounts are private or public, or whether it’s a business or personal profile. A post that’s intended for family will also be seen by all of your other followers, so you’ll want to be aware of this before sharing.

3. Would I want this on the front page of the New York Times?

As much as we trust the internet and social media, when you post something it’s out there. If you make the presumption that everything you post could potentially be front-page news, you can really get a sense of what you’re willing to expose. We are a sensationalized culture, and anything shared online is considered fair game. Don’t live in denial that a private account is truly private.

4. How will others feel when they see this?

This is a great question for tapping into a moment of empathy or for being more sensitive. We often post without realizing that there are many people seeing what we’re sharing beyond the people we are holding in mind. Becoming aware of how your post will affect the broader culture may shift what you share.

5. What do I expect?

One of the most depressing moments for many social media posters is not getting a “like.” If you’re expecting people to approve or value your post, then be prepared for disappointment. Getting clear about your expectations before posting is another great way to discern between valuable posts and posts intended for improving your own self-worth.

Before you post anything online, think to yourself, would I want my boss or family to see this? If not, don’t post it. Even if you post something and delete it, doesn’t mean that someone didn’t take a screenshot of it before you had the chance to remove it.

Below are some recommended ways to protect your password security and privacy on social media.

Change your password every few months.

Don’t use the same password on all the sites you visit.

Don’t use a word from the dictionary.

Select strong passwords, with 10 or more characters, that can’t easily be guessed.

Think of a meaningful phrase, song or quote and turn it into a complex password using the first letter of each word.

Randomly add capital letters, punctuation or symbols.

Substitute numbers for letters that look similar (for example, substitute “0” for “o” or “3” for “E”).

Do you feel as though your favorite mobile device has become an appendage of your body, leaving you uncomfortable without it? Are you constantly checking in with your online social network for the latest updates? If so, then you have undoubtedly gone to the corner coffee shop and used their free Internet. You probably went about your business, as usual, checking your emails and maybe even indulging in some online shopping.

After taking into account the average consumer’s contestant Internet usage as well as the fact that people are persistently on-the-go, it is not surprising that Wi-Fi has gone from a luxury to a necessity. Whether you’re at the local coffee shop, a hotel or the airport, you expect to be able to stay connected. However, connecting on-the-go may come at a price.

A common type of attack involving public Wi-Fi is the “man-in-the-middle” attack. Here attackers create their own networks and pose as public Wi-Fi networks, intercepting all of the data flowing between unsuspecting users and the public network. Since all traffic is going through the fraudulent network device, it’s incredibly easy for the hackers to see everything, including data transmitted over encrypted HTTPS connections.

To stay safe when traveling or just down at the local coffee shop follow these tips.

1. Verify Your Access Point: Check with personnel at the hotel, airport or other current hot spot before you log into their network; have them confirm that you are actually connecting to their access point. Hackers can set up fake Wi-Fi hotspots in public places to access your information, e-mails and passwords without your knowledge. When you’re in a public place that offers Wi-Fi you may notice multiple networks available to join. Let’s say that you’re at Panera and see “Panera” and “Free_Panera” networks and automatically think, ‘I want the free Wi-Fi’. This network may be an ad hoc spot, a Wi-Fi hotspot set up in a public place used to steal transmitted data. If you are banking online or sending work e-mails from this fake hotspot, a hacker can see and steal your information.

2. Use Up-to-Date Security Software: Security software can detect malicious code, like a virus or a worm, and prevents it from harming your computer. Make sure you have the latest version of this software protecting your private information.

3. Keep Your Firewall Turned On: A firewall helps to protect your computer from hackers. While firewall software is prepackaged on some operating systems, it may need to be purchased separately for your computer.

4. Disable Automatic Connections: Before you leave your home or office, make sure your computer is not set to automatically connect to unknown networks. Otherwise, you could be connecting to a hacker’s network and not even know it!

5. Disable File Sharing: When you are not using a trusted network, make sure your computer’s file sharing function is not turned on. Better yet, turn your computer off when you are not using it. When your computer is off, hackers cannot connect to your computer.

6. Download With Caution: Even your up-to-date anti-virus software may not protect you from some of the things you may download from the Internet. So, never open an e-mail attachment from someone you don’t know, and be wary of forwarded attachments, even from people you do know.

7. Be Aware of People Around You: When you’re using Wi-Fi in a high-traffic environment, make sure to keep an eye open for any suspicious characters in the area. If something doesn’t feel right, it’s probably not.

8. Avoid software updates while you’re traveling: If you absolutely must perform a software update, verify the update is legitimate by visiting the vendor’s website and social media platform.

9. Utilize two-factor authentication on services that support it: Two-factor authentication(2FA) requires you to log in with a username and password, as usual, but also requires that you enter a code sent to your mobile device. Two-factor authentication greatly reduces the likelihood of someone being able to impersonate you just by using your username and password. Many popular social media sites have enabled 2FA for users to use. Such as Facebook, LinkedIn, and Twitter. Also banking institutions have established 2FA on their sites.

10. Use Mobile Hotspot Instead: Instead of public Wi-Fi networks, you can use your mobile device as a mobile Internet hotspot. Most iPhone and Android devices have this feature built-in. Connecting your laptop to Wi-Fi through your phone or mobile device means you avoid the risks associated with public Wi-Fi. Using a mobile hotspot requires a password, so it’s impossible for anyone else to eavesdrop on your connection unless they have physical access to your phone or the password.

Mobile devices are a part of our life. Just imagine your day without a mobile phone. Consider that there are more than 5 billion mobile devices used on the world amongst 7 billion people. People use their devices to stay in touch, take pictures, shop, bank, listen to music, and socialize. In addition, they store personal and business information on them. As a number of phones grow, security risks will increase too. Mobile security can be compromised due to design flaws, vulnerabilities, failures in any mobile applications, viruses, spyware, malware and other threats.

1. User Authentication
Restricting access to the device by requiring user authentication. Most mobile devices can be locked with a screen lock, password or personal identification number (PIN), but these measures are typically turned off by default. By requiring authentication before a mobile device can be accessed, the data on the device is protected in case of accidental loss or theft of the mobile device. Ensure the use of a powerful password in order to make it more difficult for a potential thief to access the device.

2. Update Your Mobile OS with Security Patches
Keep the mobile operating system and its apps up to date. Mobile operating systems like Apple’s iOS, Google’s Android platform and Microsoft’s Windows Phone provide regular updates to users that resolve security vulnerabilities and other mobile security threats, as well as provide additional security and performance options and features to users. These upgrades aren’t always updated automatically, so mobile devices users may need to turn on automatic updates or update their phones and apps manually on a regular basis.

3. Regularly Back Up Your Mobile Device
Ensure the mobile device’s data is regularly backed up. By backing up a device to another hard drive or to the cloud, the data can be restored in the event the device gets damaged or is lost or stolen. A backup utility or app that runs automatically on a specified schedule is recommended for keeping the backed-up data as current as possible.

5. Enable Remote Data Wipe as an Option
Ensure a remote data wipe option is available on the device in case the device is stolen or lost. Apple’s Find My iPhone app, for example, offers a remote data wiping option in addition to the ability to find the iPhone if it’s lost.

6. Disable Wi-Fi and Bluetooth When Not Needed
Limit the potential for access by hackers through Wi-Fi or Bluetooth by disabling these connectivity options when not needed.

7. Don’t Fall for Phishing Schemes
Avoid potential phishing schemes and malware threats by avoiding clicking on links or opening e-mail attachments from untrusted sources, as they may be from a fraudulent source masquerading as a friend or legitimate company.

8. Avoid All Jailbreaks
Jailbreaking is the process of removing software restrictions put into place on devices that run the operating system. To remain secure ensure that the phone remains locked down. While jailbreaking a smartphone can enable the user to run unverified or unsupported apps, many of these apps carry security vulnerabilities. In fact, many of security exploits only affect jailbroken phones.

HIPPA stands for Health Insurance Portability and Accountability Act. HIPPA was legislation that was enacted in 1996. It is a set of regulations issued by the US Department of Health and Human Services to help insure the privacy and security of individual identifiable health information..

PII is information which can be used to distinguish or trace an individual’s identity, such as their name, social security number (SSN), biometric records, etc. alone or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother’s maiden name, etc.

PHI is defined as any individually identifiable health information that is explicitly linked to a particular individual and health information which can allow individual identification. PHI also includes many common identifiers as name, address, birth date, and social security number.

HIPPA includes privacy, security and breach notification rules that protect the privacy and security of health information and provide individuals with certain rights to their health information.

The Privacy Rule, which sets national standards for when protected health information (PHI) may be used and disclosed.

The Security Rule, which specifies safeguards that covered entities and their business associates must implement to protect the confidentiality, integrity, and availability of electronic protected health information (ePHI)

Confidentiality (only the right people see it)Integrity (the information is what it is supposed to be there have been no unauthorized alterations)Availability (the right people see it when it’s needed)

The Breach Notification Rule, which requires Urology of Indiana to notify affected individuals, U.S. Department of Health & Human Services (HHS), and in some cases, the media of a breach of unsecured PHI

Hackers and adversaries are constantly seeking PII and PHI for the purpose of committing health insurance fraud, identity theft, and other financial crimes. As an employee, you are a target because you have access to what the cybercriminals are looking for PII, PHI, financial, personnel, and patient medical information.

Business Email Compromise (BEC) is an exploit in which the attacker spoofs the owner’s identity to defraud the company or its employees, customers or partners of money. This year there were 3 well known businesses in Indianapolis that fell victim to this type of attack.

Ransomware is a type of malicious software that blocks access to the victim’s data and threatens to publish or delete it until a ransom is paid. While some simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique, in which it encrypts the victim’s files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented extortion attack, recovering the files without the decryption key is an intractable problem. Ransomware attacks are typically carried out using a Trojan that is disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. However, one high-profile example, the “WannaCry worm”, traveled automatically between computers without user interaction.

Starting from around 2012 the use of ransomware scams has grown internationally. In June 2013, security software vendor McAfee released data showing that it had collected more than double the number of samples of ransomware that quarter than it had in the same quarter of the previous year.[8] CryptoLocker was particularly successful, procuring an estimated US $3 million before it was taken down by authorities, and CryptoWall was estimated by the US Federal Bureau of Investigation (FBI) to have accrued over $18m by June 2015.